Within the field of query processing, many query processors are provided that accept queries from a variety of sources, potentially including queries from unknown and/or untrusted sources. Queries may be specified in a query language, such as a variant of the Structured Query Language (SQL) or XPath, and may be processed against a data set such as the tables of an SQL database to generate and return a query result.
Many such scenarios involve data sets that are secured by various mechanisms, such as restrictions on which tables are available for querying; which records of a table may be queried and/or disclosed; and whether the schema of a particular table is available for inspection. For example, a customer of a service may be permitted to query the record of a Customers table that corresponds to the customer's account, but may not be permitted to access the records of any other customer. The restrictions over the data set may extend to metadata of the data set, such as the number of records in a table, whether or not a table or attribute with a particular name exists, and whether or not particular objects of the data set are protected by a security mechanism.
Administrators of the data set may seek to protect these properties from unauthorized access. For example, queries provided by untrusted users may be evaluated in a limited security context that restricts access to a particular data set, such as prohibiting access to tables that such users are not permitted to access. The evaluation of the query within these security constraints may block the user from inspecting or accessing properties of the data set that are to be withheld from the users.